* [FFmpeg-devel] [PATCH 1/2] avcodec/lcldec: Make PNG filter addressing match the code afterwards
@ 2023-06-01 0:26 Michael Niedermayer
2023-06-01 0:26 ` [FFmpeg-devel] [PATCH 2/2] tools/target_dec_fuzzer: Adjust threshold for QPEG Michael Niedermayer
2023-06-01 0:28 ` [FFmpeg-devel] [PATCH 1/2] avcodec/lcldec: Make PNG filter addressing match the code afterwards James Almer
0 siblings, 2 replies; 3+ messages in thread
From: Michael Niedermayer @ 2023-06-01 0:26 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Also update check accordingly
Fixes: tickets/10237/mszh_306_306_yuv422_nocompress.avi
Fixes: tickets/10237/mszh_306_306_yuv411_nocompress.avi
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/lcldec.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/libavcodec/lcldec.c b/libavcodec/lcldec.c
index ed78d9d570..1c93378c4c 100644
--- a/libavcodec/lcldec.c
+++ b/libavcodec/lcldec.c
@@ -231,16 +231,19 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
break;
case COMP_MSZH_NOCOMP: {
int bppx2;
+ int widtha = width;
switch (c->imgtype) {
case IMGTYPE_YUV111:
case IMGTYPE_RGB24:
bppx2 = 6;
break;
case IMGTYPE_YUV422:
+ widtha &= ~3;
case IMGTYPE_YUV211:
bppx2 = 4;
break;
case IMGTYPE_YUV411:
+ widtha &= ~3;
case IMGTYPE_YUV420:
bppx2 = 3;
break;
@@ -248,7 +251,7 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
bppx2 = 0; // will error out below
break;
}
- if (len < ((width * height * bppx2) >> 1))
+ if (len < ((widtha * height * bppx2) >> 1))
return AVERROR_INVALIDDATA;
break;
}
@@ -314,8 +317,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
}
break;
case IMGTYPE_YUV422:
+ pixel_ptr = 0;
for (row = 0; row < height; row++) {
- pixel_ptr = row * width * 2;
yq = uq = vq =0;
for (col = 0; col < width/4; col++) {
encoded[pixel_ptr] = yq -= encoded[pixel_ptr];
@@ -331,8 +334,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
}
break;
case IMGTYPE_YUV411:
+ pixel_ptr = 0;
for (row = 0; row < height; row++) {
- pixel_ptr = row * width / 2 * 3;
yq = uq = vq =0;
for (col = 0; col < width/4; col++) {
encoded[pixel_ptr] = yq -= encoded[pixel_ptr];
--
2.17.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 3+ messages in thread
* [FFmpeg-devel] [PATCH 2/2] tools/target_dec_fuzzer: Adjust threshold for QPEG
2023-06-01 0:26 [FFmpeg-devel] [PATCH 1/2] avcodec/lcldec: Make PNG filter addressing match the code afterwards Michael Niedermayer
@ 2023-06-01 0:26 ` Michael Niedermayer
2023-06-01 0:28 ` [FFmpeg-devel] [PATCH 1/2] avcodec/lcldec: Make PNG filter addressing match the code afterwards James Almer
1 sibling, 0 replies; 3+ messages in thread
From: Michael Niedermayer @ 2023-06-01 0:26 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: Timeout
Fixes: 59332/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-6292824736530432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
tools/target_dec_fuzzer.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index d8e93f3a21..1dbdad50b6 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -268,6 +268,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
case AV_CODEC_ID_OPUS: maxsamples /= 16384; break;
case AV_CODEC_ID_PNG: maxpixels /= 128; break;
case AV_CODEC_ID_APNG: maxpixels /= 128; break;
+ case AV_CODEC_ID_QPEG: maxpixels /= 128; break;
case AV_CODEC_ID_QTRLE: maxpixels /= 16; break;
case AV_CODEC_ID_PAF_VIDEO: maxpixels /= 16; break;
case AV_CODEC_ID_PRORES: maxpixels /= 256; break;
--
2.17.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [FFmpeg-devel] [PATCH 1/2] avcodec/lcldec: Make PNG filter addressing match the code afterwards
2023-06-01 0:26 [FFmpeg-devel] [PATCH 1/2] avcodec/lcldec: Make PNG filter addressing match the code afterwards Michael Niedermayer
2023-06-01 0:26 ` [FFmpeg-devel] [PATCH 2/2] tools/target_dec_fuzzer: Adjust threshold for QPEG Michael Niedermayer
@ 2023-06-01 0:28 ` James Almer
1 sibling, 0 replies; 3+ messages in thread
From: James Almer @ 2023-06-01 0:28 UTC (permalink / raw)
To: ffmpeg-devel
On 5/31/2023 9:26 PM, Michael Niedermayer wrote:
> Also update check accordingly
>
> Fixes: tickets/10237/mszh_306_306_yuv422_nocompress.avi
> Fixes: tickets/10237/mszh_306_306_yuv411_nocompress.avi
>
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/lcldec.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/libavcodec/lcldec.c b/libavcodec/lcldec.c
> index ed78d9d570..1c93378c4c 100644
> --- a/libavcodec/lcldec.c
> +++ b/libavcodec/lcldec.c
> @@ -231,16 +231,19 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
> break;
> case COMP_MSZH_NOCOMP: {
> int bppx2;
> + int widtha = width;
nit: aligned_width is clearer, imo.
> switch (c->imgtype) {
> case IMGTYPE_YUV111:
> case IMGTYPE_RGB24:
> bppx2 = 6;
> break;
> case IMGTYPE_YUV422:
> + widtha &= ~3;
> case IMGTYPE_YUV211:
> bppx2 = 4;
> break;
> case IMGTYPE_YUV411:
> + widtha &= ~3;
> case IMGTYPE_YUV420:
> bppx2 = 3;
> break;
> @@ -248,7 +251,7 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
> bppx2 = 0; // will error out below
> break;
> }
> - if (len < ((width * height * bppx2) >> 1))
> + if (len < ((widtha * height * bppx2) >> 1))
> return AVERROR_INVALIDDATA;
> break;
> }
> @@ -314,8 +317,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
> }
> break;
> case IMGTYPE_YUV422:
> + pixel_ptr = 0;
> for (row = 0; row < height; row++) {
> - pixel_ptr = row * width * 2;
> yq = uq = vq =0;
> for (col = 0; col < width/4; col++) {
> encoded[pixel_ptr] = yq -= encoded[pixel_ptr];
> @@ -331,8 +334,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
> }
> break;
> case IMGTYPE_YUV411:
> + pixel_ptr = 0;
> for (row = 0; row < height; row++) {
> - pixel_ptr = row * width / 2 * 3;
> yq = uq = vq =0;
> for (col = 0; col < width/4; col++) {
> encoded[pixel_ptr] = yq -= encoded[pixel_ptr];
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-06-01 0:28 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-06-01 0:26 [FFmpeg-devel] [PATCH 1/2] avcodec/lcldec: Make PNG filter addressing match the code afterwards Michael Niedermayer
2023-06-01 0:26 ` [FFmpeg-devel] [PATCH 2/2] tools/target_dec_fuzzer: Adjust threshold for QPEG Michael Niedermayer
2023-06-01 0:28 ` [FFmpeg-devel] [PATCH 1/2] avcodec/lcldec: Make PNG filter addressing match the code afterwards James Almer
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git